summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* WHATSNEW: Add changes since 3.5.10.samba-3.5.11Karolin Seeger2011-08-031-3/+34
| | | | | Karolin (cherry picked from commit 529bfe1d43fc8f6c7a1ef93d437f40cd89b1ab63)
* Fix bug 7462 - Non-standard SA_RESETHAND is used in ...lib/tevent/tevent_sigJeremy Allison2011-08-023-4/+6
| | | | | | | | | Make SA_RESETHAND conditional on its existance. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Aug 1 22:03:45 CEST 2011 on sn-devel-104 (cherry picked from commit 0c67efdd68b9808542c090b9fd9920e4e37d85d0) (cherry picked from commit 490986add9d5e80b24e90dbfe3e3ef23ce5584a0)
* s3: Test for "__attribute__((destructor))"Volker Lendecke2011-08-021-0/+16
| | | | | | | (cherry picked from commit 36e736871e28665ffcbbc4d0c87e1a2b60fcf0e0) Fix bug #8322 (HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR is missing from 3.5.x). (cherry picked from commit c69ab4252d9aea274f44f96b1e3f41ca57185987)
* s3:librpc/gen_ndr: regen after wbint.idl changesStefan Metzmacher2011-08-024-0/+23
| | | | | | | metze Part of a fix for bug #7841 (WINBINDD_LOOKUPRIDS asks the wrong domain). (cherry picked from commit 12a4b5633d5c3488f48f3e7a5084402f6eeeb9c5)
* s3:nmbd_subnetdb: close all sockets attached to a subnet in close_subnet() ↵Stefan Metzmacher2011-08-021-3/+11
| | | | | | | | (bug #8276) metze (cherry picked from commit 75e9f2110876137a57632d223248ac51dbfc4569) (cherry picked from commit 48355dae98885ca0d44dbf4206a0bdf16c64fced)
* s3:nmbd_packets: make sure create_listen_fdset() returns initialized data ↵Stefan Metzmacher2011-08-021-18/+26
| | | | | | | | | | | | | (bug #8276) Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open) (commit feb3fcd0fa4bda0967b881315595d7702f4d1752) changed the bahavior, so that we skipped some sockets. This should work for v3-5-test. metze (cherry picked from commit 9d5738f779b803fb257537d6308a5f34625cb1b0)
* s3:smbldap: make smbldap_connect_system self containedGregor Beck2011-08-021-6/+11
| | | | | The last 5 patches address bug #8253 (winbindd panics if verify_idpool() fails). (cherry picked from commit 1da14b93bc664948699f62cca2fc777c6f7523c9)
* s3:smbldap: add a destructor to smbldap_state, just in caseGregor Beck2011-08-021-0/+7
| | | | (cherry picked from commit 6a3869da05b0d0e4d47db2502489de359d5e7e45)
* s3:smbldap: let smbldap_free_struct do what it claims toGregor Beck2011-08-021-2/+1
| | | | (cherry picked from commit df03f6c2c98f65bf9656d27e1cc9dc72cd587e31)
* s3:smbldap: free the idle event scheduled in smbldap_open in smbldap_closeGregor Beck2011-08-021-1/+2
| | | | (cherry picked from commit 70856a728a0be1c97e9e13382cd2d880450e07c4)
* s3:smbldap: use smbldap_state as memory context for idle eventGregor Beck2011-08-021-2/+2
| | | | | | ensure the event is canceled if the smbldap_state gets freed this fixes a panic of winbindd if verify_idpool fails (cherry picked from commit 3d78bea9ac27c3f6c98561e287add632a17ce747)
* s3: explicitly pass domain_sid to wbint_LookupRids() (bug #7841)Volker Lendecke2011-08-023-8/+10
| | | | (cherry picked from commit 1a8155d347e2a8de3432ce0fe99d598c25c2bafb)
* Fix bug #8254 - "acl check permissions = no" does not work in all casesJeremy Allison2011-08-022-2/+16
| | | | | | | | | Move lp_acl_check_permissions() into can_delete_file_in_directory() where it makes sense. Remove ACL check when requesting DELETE_ACCESS when lp_acl_check_permissions is false. Thanks to John Janosik @ IBM for noticing this. (cherry picked from commit 83357ecf6adafe3d23ada705e79c3af25ad4e734)
* s3: increase the log level for missing PIDs on SIGCHLDDavid Disseldorp2011-08-021-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | Since the fix for bso#7836, the parent smbd is responsible for maintaining an up-to-date printcap cache. It does this by forking a child process to asynchronously fetch printcap data from CUPS. When the child process exits after fetching all printcap data, the parent smbd is sent SIGCHLD. This triggers smbd_sig_chld_handler() which looks for the exited process PID on a "children" list. Child smbd process PIDs are added to the "children" list to ensure cleanup on unclean shutdown and log level change notification messages. Printcap update process PIDs are not added to the list as they do not maintain any state that requires cleanup, nor do they wait on tevent for messages. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Thu Feb 17 11:11:45 CET 2011 on sn-devel-104 (cherry picked from commit 9c12232f1ae36e00d04114ad73edd8ba3c2c6a5c) Fix bug #8269 (smbd spams log with "Could not find child X -- ignoring" messages). (cherry picked from commit ba118ac287d49267dd2f346d4ddd2e590ebbe653)
* WHATSNEW: Formatting.Karolin Seeger2011-08-021-2/+2
| | | | | Karolin (cherry picked from commit efd437efea9096837f3f45b47daff3e147cddea8)
* s3-WHATSNEW 3.5.9 Add information on kerberos changeAndrew Bartlett2011-08-021-0/+14
| | | | (cherry picked from commit eb7c10ea16ff7db34d8ab71306c7d5d298df8d40)
* s3: Fix bug 8238 -- KB2536276 prevents access to sharesVolker Lendecke2011-08-021-0/+1
| | | | | | Without this we were not sending the workgroup name in the negprot reply if plain text passwords are used. (cherry picked from commit d42bf679b0807ebc47f43c62d4b883e0b5096abb)
* docs: fix the missing parameter description section in the smb.conf manpageMichael Adam2011-08-021-1/+9
| | | | | | | | | | | | | | | | | | | The smb.conf (5) manpage recently sometimes failed to contain the contents of the description of each parameter section. The reason was a unreliable chain of dependencies in the Makefile. The error can be reproduced by touching manpages-3/smb.conf.5.xml and then building the manpages. Then smb.conf.5.xml is newer than any of the smbdotconf/*/*.xml files and hence the intermediate inexistent parameters.*.xml don't get generated. This patch fixes this problem by introducing a phony "parameters" target referencing the parameters.*.xml targets, so that they get build unconditionally. Fix bug #7997 (smb.conf.5 manpage truncated in 3.5.8). (cherry picked from commit 08e64ab50b9202ccbc6c0b397f9ac8cc467c2254)
* libreplace: include sys/file.h only when availableBjörn Jacke2011-08-022-1/+3
| | | | | thanks to Joachim Schmitz <schmitz@hp.com>. This fixes #7460. (cherry picked from commit a33b6032beb45f7ba07432899236fccb133a6dfc)
* s3-docs Add documentation for 'client use spnego principal'Andrew Bartlett2011-08-021-0/+28
| | | | (cherry picked from commit 4829da5bd4989b7e4b7e858af1770f13d9d2e647)
* WHATSNEW: Start release notes for 3.5.11.Karolin Seeger2011-07-261-2/+45
| | | | Karolin
* VERSION: Bump version up to 3.5.11.Karolin Seeger2011-07-261-1/+1
| | | | Karolin
* s3-swat: Fix typo.samba-3.5.10Karolin Seeger2011-07-241-1/+1
| | | | | | Thanks to Simo for reporting! Karolin
* s3 swat: Create random nonce in CGI modeKai Blin2011-07-241-1/+19
| | | | | | | | | | | | | In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin <kai@samba.org> The last 12 patches address bug #8290 (CSRF vulnerability in SWAT). This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT).
* s3 swat: Add time component to XSRF tokenKai Blin2011-07-242-5/+25
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to printer pageKai Blin2011-07-241-10/+18
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to password pageKai Blin2011-07-241-3/+8
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to shares pageKai Blin2011-07-241-5/+13
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to globals pageKai Blin2011-07-241-0/+7
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to wizard pageKai Blin2011-07-241-1/+8
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to wizard_params pageKai Blin2011-07-241-0/+7
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to viewconfig pageKai Blin2011-07-241-0/+7
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to status pageKai Blin2011-07-241-0/+7
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add support for anti-XSRF tokenKai Blin2011-07-242-0/+59
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Allow getting the user's HTTP auth passwordKai Blin2011-07-242-0/+10
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Fix possible XSS attack (bug #8289)Kai Blin2011-07-241-12/+2
| | | | | | | | | | | | | Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack against SWAT, the Samba Web Administration Tool. The attack uses reflection to insert arbitrary content into the "change password" page. This patch fixes the reflection issue by not printing user-specified content on the website anymore. Signed-off-by: Kai Blin <kai@samba.org> CVE-2011-2694.
* WHATSNEW: Update release notes.Karolin Seeger2011-07-241-5/+22
| | | | Karolin
* WHATSNEW: Start release notes for 3.5.10.Karolin Seeger2011-06-141-2/+43
| | | | | Karolin (cherry picked from commit a32956ad21b70d10a5b2a8516e39cbd35aa09045)
* VERSION: Bump version up to 3.5.10.Karolin Seeger2011-06-141-1/+1
| | | | | Karolin (cherry picked from commit 767cf9e13421c00a658dac93ef77353587539344)
* WHATSNEW: Update changes since 3.5.8.samba-3.5.9Karolin Seeger2011-06-141-1/+7
| | | | | Karolin (cherry picked from commit d1880d237bdf79b036623ebf5ae477838c9482c9)
* Fix re-opened bug 8083 - "inherit owner = yes" doesn't interact correctly ↵Jeremy Allison2011-06-141-4/+17
| | | | | | | | | | | | | with vfs_acl_xattr or vfs_acl_tdb module. Fix incorrect interaction when all of "inherit permissions = yes" "inherit acls = yes" "inherit owner = yes" are set. Found by Björn Jacke. Thanks Björn ! (cherry picked from commit b5011e4c2cee39d4334c04ce7c8adc43a8ca7e6b)
* Part 5 of bugfix for #8211 - "inherit owner = yes" doesn't interact ↵Jeremy Allison2011-06-141-0/+12
| | | | | | | correctly with "inherit permissions = yes" and POSIX ACLs Ensure when creating a directory, if we make any changes due to inheritance parameters, we update the stat returned. (cherry picked from commit f5e238cbd97d63e107b64268691dff67cce8fe94)
* Part 4 of bugfix for #8211 - "inherit owner = yes" doesn't interact ↵Jeremy Allison2011-06-141-3/+2
| | | | | | | | correctly with "inherit permissions = yes" and POSIX ACLs We don't need to check mode bits as well as dev/ino to ensure we're in the same place. (cherry picked from commit 0c1b1b73870bd477c83c130cab297b7f2615fe55)
* Part 3 of bugfix for #8211 - "inherit owner = yes" doesn't interact ↵Jeremy Allison2011-06-141-17/+25
| | | | | | | | | | correctly with "inherit permissions = yes" and POSIX ACLs When changing ownership on a new file make sure we must have a valid stat struct before making the inheritance calls (as they may look at it), and if we make changes we must have a valid stat struct after them. (cherry picked from commit d18d6df840d3a47fa1d7b877e07f804f025811ee)
* Part 2 of bugfix for #8211 - "inherit owner = yes" doesn't interact ↵Jeremy Allison2011-06-141-3/+6
| | | | | | | | correctly with "inherit permissions = yes" and POSIX ACLs When changing ownership on a new file make sure we also change the returned stat struct to have the correct uid. (cherry picked from commit 59e77811b7774ad76e082ee9fd840a277df75c4c)
* Part 1 of bugfix for #8211 - "inherit owner = yes" doesn't interact ↵Jeremy Allison2011-06-141-0/+3
| | | | | | | | correctly with "inherit permissions = yes" and POSIX ACLs When changing ownership on a new directory make sure we also change the returned stat struct to have the correct uid. (cherry picked from commit f3900b0a96f98cc65d957cda5f92963f636d6ec1)
* s3:lib/access: normalize IPv4 mapped IPv6 addresses in both directions (bug ↵Stefan Metzmacher2011-06-141-14/+17
| | | | | | | | | | | #7383) metze (cherry picked from commit 4bfe2d5655d97fbc7e65744425b5a098e77f5ba1) (cherry picked from commit 62b2083c627abeb8a2fb7e5adc793c630d0d561c) Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit d9ea6a10a8ba84e8a5a5a65c903ed96f9aa59aa5)
* WHATSNEW: Add more changes since 3.5.8.Karolin Seeger2011-06-141-0/+36
| | | | | Karolin (cherry picked from commit 7e307ac32ca074e47e27229fcef894343ec0f9c9)
* s3-winbind: BUG 8166 - Don't lockout users when offline.Jim McDonough2011-06-141-1/+4
| | | | | | | | | Windows does not track bad password attempts when offline. We were locking users out but not honoring the lockout duration. Autobuild-User: Jim McDonough <jmcd@samba.org> Autobuild-Date: Wed May 25 18:11:10 CEST 2011 on sn-devel-104 (cherry picked from commit b58534f1fca27e3e72f4f4107538ec05734bd42a) (cherry picked from commit a73963dd49d33bcfdd5cbc310dad0f895683eadf)
* Fix bug #7528 - Solaris with NIS autohome.Jeremy Allison2011-06-141-0/+3
| | | | (cherry picked from commit 0ffdf2288b1e6798e43259568818378c43b979e5)
generated by cgit (git 2.34.1) at 2025-09-01 14:10:46 +0000